Пример #1
 /**
  * Decides whether $user may read $entity, taking the entity's parent record into account.
  *
  * Checks run in this order: admin shortcut, then the parent record (or, when the parent
  * is a Note, that Note's own parent) through the ACL manager, then this class's own
  * 'read' check on $entity. A parent that cannot be loaded or that is denied does not
  * deny access by itself; control simply falls through to the entity-level check.
  *
  * @param User   $user   user requesting access
  * @param Entity $entity record being read
  * @param mixed  $data   ACL data, forwarded unchanged to checkEntity()
  * @return bool true when access is granted
  */
 public function checkEntityRead(User $user, Entity $entity, $data)
 {
     if ($user->isAdmin()) {
         return true;
     }

     // Fail-open default: a record without a complete parent reference is readable by
     // every user. NOTE(review): confirm this is intended for records with no parent.
     if (!($entity->get('parentId') && $entity->get('parentType'))) {
         return true;
     }

     $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));

     if ($parent) {
         if ($parent->getEntityType() !== 'Note') {
             $aclTarget = $parent;
         } elseif ($parent->get('parentId') && $parent->get('parentType')) {
             // For a Note parent, access is decided by the record the Note is attached to.
             // NOTE(review): unlike $parent, this lookup is not null-checked before being
             // handed to the ACL manager; confirm checkEntity() copes with a missing record.
             $aclTarget = $this->getEntityManager()->getEntity($parent->get('parentType'), $parent->get('parentId'));
         } else {
             // A Note with no parent of its own is treated as readable (fail-open).
             return true;
         }

         if ($this->getAclManager()->checkEntity($user, $aclTarget)) {
             return true;
         }
     }

     // Last resort: the regular 'read' ACL on the entity itself.
     if (!$this->checkEntity($user, $entity, $data, 'read')) {
         return false;
     }
     return true;
 }
Пример #2
 /**
  * Reports whether $user is limited to read-only contact access in $scope.
  *
  * Admins are never restricted (always false). For everyone else the decision is
  * delegated to the scope's ACL implementation, using the user's table data for the scope.
  *
  * @param User  $user  user being checked
  * @param mixed $scope scope identifier passed to getScopeData() and getImplementation()
  * @return mixed result of the implementation's checkReadOnlyContact(); false for admins
  */
 public function checkReadOnlyContact(User $user, $scope)
 {
     if (!$user->isAdmin()) {
         $scopeData = $this->getTable($user)->getScopeData($scope);

         return $this->getImplementation($scope)->checkReadOnlyContact($user, $scopeData);
     }

     return false;
 }
Пример #3
 /**
  * Decides whether $user may delete $entity.
  *
  * Access is granted to admins and to users who pass the regular 'delete' ACL check.
  * Otherwise a creator fallback applies: when $data is an object whose edit level is
  * not 'no', the user who created the record may delete it as long as the record has
  * no assignedUserId attribute, has an empty one, or is assigned to its creator.
  *
  * @param User   $user   user requesting the delete
  * @param Entity $entity record to delete
  * @param mixed  $data   ACL data; only an object enables the creator fallback
  * @return bool true when deletion is allowed
  */
 public function checkEntityDelete(User $user, Entity $entity, $data)
 {
     if ($user->isAdmin()) {
         return true;
     }
     if ($this->checkEntity($user, $entity, $data, 'delete')) {
         return true;
     }

     // Creator fallback starts here. Only the literal 'no' blocks it.
     // NOTE(review): an object without an edit property would also pass this test,
     // since the property would not equal 'no'; confirm $data always carries edit.
     if (!is_object($data) || $data->edit === 'no') {
         return false;
     }

     // NOTE(review): ids are compared loosely (!= / ==) in this method; confirm both
     // sides always have the same type, or consider strict comparison.
     if (!$entity->has('createdById') || $entity->get('createdById') != $user->id) {
         return false;
     }

     if (!$entity->has('assignedUserId')) {
         return true;
     }
     if (!$entity->get('assignedUserId')) {
         return true;
     }

     // Assigned to someone: the creator keeps delete rights only if that someone is the creator.
     return $entity->get('assignedUserId') == $entity->get('createdById');
 }
Пример #4
 /**
  * Returns the fields of $scope that $user is not allowed to access for $action.
  *
  * Admins have no forbidden fields (empty list). For other users the list comes from
  * the user's ACL table.
  *
  * @param User   $user           user being checked
  * @param mixed  $scope          scope identifier
  * @param string $action         action to evaluate, 'read' by default
  * @param string $thresholdLevel threshold passed through to the table, 'no' by default
  * @return mixed the table's forbidden field list; an empty array for admins
  */
 public function getScopeForbiddenFieldList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
 {
     if (!$user->isAdmin()) {
         $aclTable = $this->getTable($user);

         return $aclTable->getScopeForbiddenFieldList($scope, $action, $thresholdLevel);
     }

     return [];
 }
Пример #5
 /**
  * Checks whether $user may perform $action in $scope.
  *
  * Admins always pass. For other users the scope data is read from the user's ACL
  * table and the decision is delegated to the scope's ACL implementation; the optional
  * ownership/team hints and the entity are forwarded unchanged.
  *
  * @param User       $user    user being checked
  * @param mixed      $scope   scope identifier
  * @param mixed|null $action  action to evaluate, or null
  * @param mixed|null $isOwner precomputed ownership flag, or null
  * @param mixed|null $inTeam  precomputed team-membership flag, or null
  * @param mixed|null $entity  record the check relates to, or null
  * @return mixed result of the implementation's checkScope(); true for admins
  */
 public function checkScope(User $user, $scope, $action = null, $isOwner = null, $inTeam = null, $entity = null)
 {
     if (!$user->isAdmin()) {
         $scopeData = $this->getTable($user)->getScopeData($scope);

         return $this->getImplementation($scope)->checkScope($user, $scopeData, $scope, $action, $isOwner, $inTeam, $entity);
     }

     return true;
 }
Пример #6
 /**
  * Evaluates scope ACL data and returns whether $user may perform $action.
  *
  * Decision table, in order:
  *  - admin: allowed;
  *  - $data null or false: denied; $data true or any string: allowed;
  *  - $action null, or $data has no non-null property named $action: allowed;
  *  - level 'all', 'yes' or true: allowed; falsy level or 'no': denied;
  *  - ownership unknown and no $entity supplied: allowed;
  *  - owner with level 'own', 'account' or 'contact': allowed;
  *  - level 'account' and user in the record's account: allowed;
  *  - level 'contact' and record is the user's own contact: allowed;
  *  - anything else: denied.
  *
  * Several of these defaults are permissive (string $data, missing action, missing
  * entity). NOTE(review): confirm callers rely on that and never pass unvalidated data.
  *
  * @param User        $user             user being checked
  * @param mixed       $data             scope ACL data (null, bool, string or object)
  * @param string|null $action           action name looked up as a property of $data
  * @param Entity|null $entity           record used to resolve ownership/account/contact
  * @param array       $entityAccessData optional precomputed flags: isOwner, inAccount, isOwnContact
  * @return bool true when the action is allowed
  */
 public function checkScope(User $user, $data, $action = null, Entity $entity = null, $entityAccessData = array())
 {
     if ($user->isAdmin()) {
         return true;
     }
     if ($data === null) {
         return false;
     }
     if (is_bool($data)) {
         return $data;
     }
     if (is_string($data)) {
         return true;
     }

     // Precomputed relationship flags; null means "not known yet, resolve from $entity".
     $isOwner = isset($entityAccessData['isOwner']) ? $entityAccessData['isOwner'] : null;
     $inAccount = isset($entityAccessData['inAccount']) ? $entityAccessData['inAccount'] : null;
     $isOwnContact = isset($entityAccessData['isOwnContact']) ? $entityAccessData['isOwnContact'] : null;

     // No action requested, or no level configured for it: allowed by default.
     if ($action === null || !isset($data->{$action})) {
         return true;
     }

     $level = $data->{$action};

     if (in_array($level, array('all', 'yes', true), true)) {
         return true;
     }
     if (!$level || $level === 'no') {
         return false;
     }

     if ($isOwner === null) {
         if (!$entity) {
             // Nothing to resolve ownership against: allowed by default.
             return true;
         }
         $isOwner = $this->checkIsOwner($user, $entity);
     }

     // Every remaining named level includes the owner's own records.
     if ($isOwner && in_array($level, array('own', 'account', 'contact'), true)) {
         return true;
     }

     if ($level === 'account') {
         if ($inAccount === null && $entity) {
             $inAccount = $this->checkInAccount($user, $entity);
         }
         if ($inAccount) {
             return true;
         }
     } elseif ($level === 'contact') {
         if ($isOwnContact === null && $entity) {
             $isOwnContact = $this->checkIsOwnContact($user, $entity);
         }
         if ($isOwnContact) {
             return true;
         }
     }

     return false;
 }
Пример #7
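 /**
  * Checks whether $user may act on another user record ($entity) under $permission.
  *
  * Admins always pass. Otherwise the permission level returned by get() decides:
  *  - 'no':   only the user's own record is allowed;
  *  - 'team': the user's own record, or a user sharing at least one team;
  *  - any other level: allowed.
  *
  * All id comparisons are strict. The original mixed `!==` with `!=` and a non-strict
  * in_array(), so numeric-looking string ids could compare equal after type coercion
  * and let an access check pass for a different user or team.
  *
  * @param User   $user       user requesting access
  * @param string $permission permission name resolved through get()
  * @param User   $entity     user record being accessed
  * @return bool true when access is allowed
  */
 public function checkUser(User $user, $permission, User $entity)
 {
     if ($user->isAdmin()) {
         return true;
     }

     // Resolve the level once; the original looked it up up to two times.
     $level = $this->get($user, $permission);
     $isSelf = $entity->id === $user->id;

     if ($level === 'no') {
         return $isSelf;
     }

     if ($level === 'team' && !$isSelf) {
         $ownTeamIdList = $user->getTeamIdList();
         $targetTeamIdList = $entity->getTeamIdList();

         // Both lists come from User::getTeamIdList(), so element types are expected to
         // match and strict membership testing is safe. NOTE(review): confirm.
         foreach ($ownTeamIdList as $teamId) {
             if (in_array($teamId, $targetTeamIdList, true)) {
                 return true;
             }
         }

         return false;
     }

     return true;
 }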